Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-16002 Cross-Site Request Forgery (CSRF) vulnerability in Cisco SD-WAN Firmware
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
cisco CWE-352
4.3
2019-11-26 CVE-2019-16001 Uncontrolled Search Path Element vulnerability in Cisco Webex Meetings and Webex Teams
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.
local
cisco CWE-427
4.4
2019-11-26 CVE-2019-15998 Missing Authorization vulnerability in Cisco IOS XR 6.5.1/6.5.2/6.5.3
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device.
network
low complexity
cisco CWE-862
5.0
2019-11-26 CVE-2019-15995 SQL Injection vulnerability in Cisco DNA Spaces: Connector
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries.
network
low complexity
cisco CWE-89
5.5
2019-11-26 CVE-2019-15994 Cross-site Scripting vulnerability in Cisco Stealthwatch Enterprise 6.10.2
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.
network
cisco CWE-79
4.3
2019-11-26 CVE-2019-15990 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface.
network
low complexity
cisco
5.0
2019-11-26 CVE-2019-15988 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.
network
low complexity
cisco CWE-20
5.0
2019-11-26 CVE-2019-15987 Improper Authentication vulnerability in Cisco products
A vulnerability in the web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames.
network
low complexity
cisco CWE-287
5.0
2019-11-26 CVE-2019-15972 SQL Injection vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
6.5
2019-11-26 CVE-2019-15971 Insufficient Verification of Data Authenticity vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.
network
cisco CWE-345
4.3